Latest Activity

CXF becomes friends with Tika and Lucene
5 days ago

By Sergey Beryozkin
You may have been thinking for a while: would it actually be cool to get some experience with Apache Lucene and Apache Tika and enhance the JAX-RS services you work upon along the way? Lucene and Tika are those cool projects people are talking about but as it happens there has never been an opportunity to use them in your project...

Apache Lucene is a well known project where its community keeps innovating with improving and optimizing the ...
Continue reading →

Using JAAS with Apache CXF
6 days ago

By Colm O hEigeartaigh
Apache CXF supports a wide range of tokens for authentication (SAML, UsernameTokens, Kerberos, etc.), and also offers different ways of authenticating these tokens. A standard way of authenticating a received token is to use a JAAS LoginModule. This article will cover some of the different ways you can configure JAAS in CXF, and some of the JAAS LoginModules that are available.

1) Configuring JAAS in Apache CXF

There are a number of different ways to ...
Continue reading →

New Apache WSS4J releases
1 week ago

By Colm O hEigeartaigh
Apache WSS4J 1.6.17 and 2.0.2 have been released. WSS4J 2.0.2 picks up some bug fixes via Apache Santuario and BouncyCastle dependency upgrades, in particular the latter upgrade fixes some Kerberos issues. Both releases contain some changes to how SAML tokens are processed that will be described in a forthcoming blog post.

I also added a new Security Advisories page to the WSS4J website. For the moment it just contains some links and information on ...
Continue reading →

Some recent WS-Trust client topics in Apache CXF
1 week ago

By Colm O hEigeartaigh
There are a number of minor new features and changes in recent versions of Apache CXF with respect to the client side of WS-Trust, which will be documented in this post.

1) STSClient configuration

CXF's STSClient is responsible for communicating with a Security Token Service (STS) via the WS-Trust protocol, in order to issue/validate/renew/etc. a security token. To support WS-Trust on the client side in CXF, it is necessary to construct an STSClient ...
Continue reading →

Apache CXF Authentication and Authorization test-cases III
1 week ago

By Colm O hEigeartaigh
This is the third in a series of posts on authentication and authorization test-cases for web services using Apache CXF. The first post focused on authenticating and authorizing web service requests that included a username and password (WS-Security UsernameToken and HTTP/BA). The second article looked at more sophisticated ways of performing authentication and authorization, such as using X.509 certificates, using a SecurityTokenService (STS), using ...
Continue reading →

Encrypt ConfigAdmin properties values in Apache Karaf
2 weeks ago

By Jean-Baptiste Onofré
Apache Karaf loads all the configuration from etc/*.cfg files by default, using a mix of Felix FileInstall and Felix ConfigAdmin. These files are regular properties files looking like: Some values may be critical, and so should not be stored in plain text. It could be critical business data (credit card number, etc), or technical data (password to
Continue reading →

Apache Santuario - XML Security for Java 2.0.2 release
3 weeks ago

By Colm O hEigeartaigh
Apache Santuario - XML Security for Java 2.0.2 has been released. This is a minor release that fixes a couple of bugs with the streaming code and contains a few dependency
Continue reading →

MDC logging with Apache Karaf and Camel
1 month ago

By Jean-Baptiste Onofré
MDC (Mapped Diagnostic Context) logging is an interesting feature to log contextual messages. It’s classic to want to log contextual messages in your application. For instance, we want to log the actions performed by a user (identified by a username or user id). As you have a lot of simultaneous users on your application, it’s
Continue reading →

Testing (utest and itest) Apache Camel Blueprint route
1 month ago

By Jean-Baptiste Onofré
In any integration project, testing is vital for multiple reasons: to guarantee that the integration logic matches the expectations; to quickly identify some regression issues; to test some special cases, like the errors for instance; to validate the successful provisioning (deployment) on a runtime as close as possible to the target platform. We distinguish two
Continue reading →

Apache JMeter to test Apache ActiveMQ on CI with Maven/Jenkins
1 month ago

By Jean-Baptiste Onofré
Apache JMeter is a great tool for testing, especially performance testing. It provides a lot of samplers that you can use to test your web services, web applications, etc. It also includes a couple of samplers for JMS that we can use with ActiveMQ.

Preparing JMeter for ActiveMQ

For this article, I downloaded JMeter 2.10
Continue reading →

Webex on Ubuntu 14.04
1 month ago

By Jean-Baptiste Onofré
Webex is a great tool but unfortunately, it doesn’t work “out of the box” on Ubuntu 14.04 (and also with previous Ubuntu releases). For instance, the webex applet starts but it doesn’t refresh correctly, or the share of desktop/application doesn’t work. Actually, the issue is due to: some libraries required by webex are missing on
Continue reading →

[OT] Wake Up To CXF Revolution !
2 months ago

By Sergey Beryozkin
It's the end of the summer, still warm outside, and your friends from the Big Data team have millions of millions of records processed per second with Hadoop and give the happy smiles of those who are doing something new and cool. And you have GET, POST, maybe PUT, then again GET. Occasional DELETE and if you are really lucky, you've got PATCH in the logs. You are starting to wonder, is it really still cool to be a web service developer, does ...
Continue reading →

Apache Syncope backend with Apache Karaf
2 months ago

By Jean-Baptiste Onofré
Apache Syncope is an identity manager (IdM). It comes with a web console where you can manage users, attributes, roles, etc. It also comes with a REST API allowing to integrate with other applications. By default, Syncope has its own database, but it can also “façade” another backend (LDAP, ActiveDirectory, JDBC) by using ConnId. In
Continue reading →

Learn JOSE and become a better Web Service Developer
2 months ago

By Sergey Beryozkin
The work around OAuth2 and JOSE in particular has inspired me.

So much that I've ordered several books from Amazon.co.uk - and it's been quite a while since the idea of buying a book occurred to me; and several books in the age of Google? - see, it did inspire me.

Sometimes we the developers think that we know all and if not all then we think we won't need that extra piece of knowledge, being the experts we are. Software engineering is not easy. ...
Continue reading →

JAX-RS is not only about REST
2 months ago

By Sergey Beryozkin
I've been planning to post this 'philosophical' piece for a while.

The JAX-RS specification (Java API for RESTful services) has really got off the ground a long time ago. JAX-RS 2.0 with its new brilliant features, with three JAX-RS 2.0 frameworks around (there will possibly be more, we never know), is and will further contribute to the popularity of JAX-RS.

JAX-RS 2.1 work will go ahead soon enough and it will be another great specification, I've ...
Continue reading →

New Apache Santuario releases
3 months ago

By Colm O hEigeartaigh
Two new versions of the Apache Santuario - XML Security for Java project have been released. Version 2.0.1 (release notes) adds support for a number of previously unsupported algorithms, such as RSA with SHA-224, the RIPE-MD160 digest algorithm, and the RSASSA-PSS signature scheme. It also fixes a performance regression when evaluating signatures, a UTF-8 encoding issue with certain characters, an issue with using GCM algorithms with JDK 8, and a ...
Continue reading →

Apache CXF Fediz 1.1.1 released
4 months ago

By Colm O hEigeartaigh
Apache CXF Fediz 1.1.1 and 1.0.4 have been released. Fediz is a subproject of Apache CXF which implements the WS-Federation Passive Requestor Profile. It allows you to secure web applications using Single Sign-On (SSO) and Claims Based Access Control (CBAC), by redirecting users to an IdP (Identity Provider) for authentication, which in turn leverages the CXF STS (SecurityTokenService). Plugins are provided for the most popular web application ...
Continue reading →

Apache CXF Authentication and Authorization test-cases II
4 months ago

By Colm O hEigeartaigh
In a previous blog post, I covered a number of Apache CXF-based authentication and authorization testcases I uploaded to github. The testcases showed how to authenticate and authorize a SOAP request containing either a SOAP UsernameToken or HTTP Basic Authentication. The options for authentication/authorization backends included Apache DS (ldap), Apache Syncope, Apache Shiro, and Spring Security. In this post, I will cover a number of more advanced ...
Continue reading →

Apache CXF 3.0.0 released
5 months ago

By Colm O hEigeartaigh
Apache CXF 3.0.0 has been released. CXF 3.0.0 picks up Apache Santuario 2.0.0 and WSS4J 2.0.0, and hence all of the new streaming XML/WS-Security functionality available in those releases. Please see the CXF 3.0.0 migration guide for more details about upgrading from an older release. I've also updated the CXF Authentication and Authorization tests in my github repo to use CXF
Continue reading →

OAuth2 - the future of HTTP web services
5 months ago

By Sergey Beryozkin
If the only thing that you've heard about OAuth2 is that it is "insecure" then I'd like to say it is impossible to come up with the generic specification that will ensure the security of your application.
If you have invested some time into analyzing the specific OAuth2 flows and found the conditions under which the security can be breached then it is obvious that care needs to be applied to whatever OAuth2 flow is deployed depending on how open the ...
Continue reading →